https://bugs.winehq.org/show_bug.cgi?id=46161 Olivier F. R. Dierick <o.dierick(a)piezo-forte.be> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |marcel(a)meulemans.org --- Comment #1 from Olivier F. R. Dierick <o.dierick(a)piezo-forte.be> --- *** Bug 46167 has been marked as a duplicate of this bug. *** -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.

https://bugs.winehq.org/show_bug.cgi?id=46161 Austin English <austinenglish(a)gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |austinenglish(a)gmail.com -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.

https://bugs.winehq.org/show_bug.cgi?id=46161 --- Comment #3 from jaapbuurman(a)gmail.com --- Thank you very much for the patch! Unfortunately, I will only be able to try the patch and compile Wine this weekend. If anyone is up for testing out the patch before that, that would be very welcome :) -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.

https://bugs.winehq.org/show_bug.cgi?id=46161 --- Comment #5 from Jacek Caban <jacek(a)codeweavers.com> --- Thanks for logs. For TLS 1.3 to be used, we'd need to add to protocol_config_keys in schannel.c as well. I tried that, but for some reason, the connection fails. It needs a closer look. Also it seems that TLS 1.3 is not yet supported on Windows. PSDK has defines for it ready, but there doesn't seem to be the actual implementation. Still, we could have it, perhaps disabled by default... However, I think that the original bug was about TLS 1.3 being used when it shouldn't be. That's because our gnutls backend doesn't disable it when it should. This part should work with the attached patch (I will attach a new version, because includes part is in Wine already). -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.

https://bugs.winehq.org/show_bug.cgi?id=46161 --- Comment #7 from Marcel <marcel(a)meulemans.org> --- For me Jacek's patch did not work because TLS 1.3 is still negotiated due to it being part of the "NORMAL" priority string being passed to gnutls_priority_set_direct() in schan_imp_create_session(). I got it work correctly with TLS 1.3 enabled servers (not https://tls13.crypto.mozilla.org which support ONLY TLS 1.3) by removing protocols supported by gnutls but no by wine in the priority string passed to gnutls_priority_set_direct. See attached patch. -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.

https://bugs.winehq.org/show_bug.cgi?id=46161 --- Comment #9 from jaapbuurman(a)gmail.com --- Is there anything I can do at the moment to help fix this issue? :) -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.

https://bugs.winehq.org/show_bug.cgi?id=46161 --- Comment #11 from Jacek Caban <jacek(a)codeweavers.com> --- (In reply to Marcel from comment #7)

For me Jacek's patch did not work because TLS 1.3 is still negotiated due to it being part of the "NORMAL" priority string being passed to gnutls_priority_set_direct() in schan_imp_create_session(). I got it work correctly with TLS 1.3 enabled servers (not https://tls13.crypto.mozilla.org which support ONLY TLS 1.3) by removing protocols supported by gnutls but no by wine in the priority string passed to gnutls_priority_set_direct. See attached patch.

With my patch, we should pass -VERS-TLS1.3, so it shouldn't be a problem that it's part of NORMAL. Is it not passed for some reason? -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.

https://bugs.winehq.org/show_bug.cgi?id=46161 --- Comment #13 from Jacek Caban <jacek(a)codeweavers.com> --- Not really, note that as long as the code in schannel.c is not aware of TLS1.3 (and I tested that although TLS1.3 is defined in headers, Windows doesn't support it so I'm not sure we want to), it will never be actually enabled. My patch made only gnutls backend aware of TLS1.3, which meant in practice that it would be always disabled, so we'd always append -VERS-TLS1.3 to the priority string. Headers are already in Git: https://source.winehq.org/git/wine.git/commitdiff/40c847d8074770681d1c6434fd... I took another look at this and sent a simpler patch: https://source.winehq.org/patches/data/155698 -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.

https://bugs.winehq.org/show_bug.cgi?id=46161 Gijs Vermeulen <gijsvrm(a)gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |FIXED Status|UNCONFIRMED |RESOLVED Fixed by SHA1| |5cc5b102c1b0a66aa63b66f43f2 | |da9a1a9d15ab6 --- Comment #15 from Gijs Vermeulen <gijsvrm(a)gmail.com> --- (In reply to Marcel from comment #14)

Indeed, just tried the latest master (which includes your latest patch) and it works like a charm. Thanks!

Marking fixed then. Thanks for reporting back. -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.